Canada’s most popular social network is now the target of possibly the largest class-action lawsuit in the country’s history, in terms of the sheer number of people included.
Palo Alto, Calif.-based Facebook Inc. is the defendant in a class action proceedings filed by Merchant Law Group LLP in a Winnipeg court Friday. The suit alleges Facebook users were duped by the social network when it made changes to privacy settings in November and December 2009. It accuses Facebook of taking part in “bait and switch” tactics with the goal of cashing in on users’ personal data.
While an online form on Merchant Law Group’s Web site calls on Canadians to register, that’s not a requirement to be a claimant in the suit, Merchant told ITBusiness.ca in a phone interview.
“It’s irrelevant how many people contact us. All Facebook users are in the lawsuit,” he said. And that would include nearly half of all Canadians.
Related Article
Three steps to master Facebook’s new privacy controls
Facebook hit with new privacy complaint after updates
The law firm is still encouraging users to sign up because it helps to demonstrate the strength of the case. There were 320 people registered as of the morning of July 5, but Merchant anticipates “thousands and thousands” will eventually fill out the form.
Facebook is very popular in Canada.
As of July 1, 2010 Facebook reported nearly 15.5 million Canadian users. But only users who had accounts before the changes to privacy settings were rolled out in November could be involved in the lawsuit. On July 1, 2009 there were 11.9 million Canadian Facebook users. Data is reported by blogger Nick Burcher, global head of social media at ZenithOptimedia.
The court document filed on the Manitoba Courts registry names Donald J. Woligroski against defendant Facebook Inc.
“In effect, the changes enacted by Facebook on or about November 19, 2009 and on or about December 9, 2009 and on or about January 20, 2010 were deceptively described by Facebook, leading users to believe their personal information was protected from unauthorized sharing, use and dissemination,” the suit states. Jason Zushman is the lawyer listed.
“You’ve got people filling out the longest consumer survey ever, and they’re not even aware that’s what they’re doing,” he says. “I got taken in, too.”
Zushman normally locks down his Facebook profile with the strictest privacy settings available. But after clicking on a pop-up window in November 2009, some of his settings were automatically changed to a new default that made his information publically available. It wasn’t until a friend pointed it out to him that he realized what had occurred.
“I was surprised,” he says. “If you’re uploading stuff to the Internet, you shouldn’t have an expectation of privacy, unless the person handling your information has given you an assurance of privacy.”
Facebook dropped its regional networks in November last year and as some privacy settings relied on those geographic groups, the social network prompted every user to revisit their settings.
At the same time, some default privacy settings were changed to make information public to the Internet. Facebook CEO Mark Zuckerberg addressed the changes in a Dec. 1, 2009 blog post.
“We’ve worked hard to build controls we think will be better for you, but we also understand that everyone’s needs are different,” he wrote. “We’ll suggest settings for you based on your current level of privacy, but the best way for you to find the right settings is to read through all your options and customize them for yourself. I encourage you to do this and consider who you’re sharing with online.”
Facebook misled users into thinking their privacy settings would be more secure by default, Merchant says.
“We see it as a process of bait and switch where they tell people their privacy is being improved,” he says. “When changes were made, the default position allowed Facebook to harvest and mine their personal information for commercial purposes.”
Facebook hasn’t responded to the court filing yet. “We have not yet received the complaint,” was the only official statement made by Facebook yesterday. The company has 40 days to respond to the court filing in Winnipeg.
Facebook is no stranger to legal woes. A similar class-action lawsuit was filed in California’s U.S. District Court Jan. 29. That suit claims the social network violated several privacy laws and accused it of “unjust enrichment” – cashing in on users’ data in an unethical way.
Canada’s Privacy Commissioner is currently conducting its second investigation into Facebook as a result of the privacy settings changes made late last year. Facebook previously agreed to make a slew of changes after the previous investigation that made it clear the social network was in violation of the privacy law governing commercial entities in Canada.
Facebook has been making those changes, but that doesn’t mean they can’t be sued, Zushman says.
“While Facebook has changed the privacy policies since doing that, the issue is how do you get the genie back in the bottle?” he says. “That’s really the crux of the action.”
Facebook’s Terms of Service reserve the right to change its terms if it provides notice via the Facebook Site Governance Blog and an opportunity to comment first. But that doesn’t mean they have carte blanche to change the terms in any way they see fit, Merchant says.
“Companies put in all sorts of release information, which nobody by and large ever reads,” he says. “Because you just have to take the service or not, you have no powers of negotiating.”
Courts have generally not enforced such clauses when there’s an imbalance of bargaining power with a take-it-or-leave it contract or an overly complex contract, he adds. Facebook’s terms are over 45,000 words, longer than the U.S. Constitution.
Claimants could expect to receive a significant amount of money if the law suit works in their favour and Facebook has made huge profits from the exercise, Merchant says. Some users may be entitled to more compensation if their accounts suffered a security breach. A judge may also choose to impose punitive damages to make an example of the social network.
Follow Brian Jackson on Twitter and check out the IT Business Facebook Page.
